Finding and fixing vulnerabilities in information systems : (Record no. 300488)
[ view plain ]
| 000 -LEADER | |
|---|---|
| fixed length control field | 03868cam a2200577 i 4500 |
| 001 - CONTROL NUMBER | |
| control field | rnd000000000071852 |
| 003 - CONTROL NUMBER IDENTIFIER | |
| control field | RAND |
| 005 - DATE AND TIME OF LATEST TRANSACTION | |
| control field | 20160615135114.0 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
| fixed length control field | 031125s2003 caua b 000 0 eng d |
| 010 ## - LIBRARY OF CONGRESS CONTROL NUMBER | |
| LC control number | 2003012342 |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| International Standard Book Number | 0833034340 (pbk.) |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| International Standard Book Number | 0833035991 (electronic bk.) |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| International Standard Book Number | 9780833034342 |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| International Standard Book Number | 9780833035998 (electronic bk.) |
| 027 ## - STANDARD TECHNICAL REPORT NUMBER | |
| Standard technical report number | RAND/MR-1601-DARPA |
| 035 ## - SYSTEM CONTROL NUMBER | |
| System control number | (Sirsi) a441334 |
| 037 ## - SOURCE OF ACQUISITION | |
| Terms of availability | $24.00 |
| Form of issue | paperback |
| 040 ## - CATALOGING SOURCE | |
| Original cataloging agency | CstmoR |
| Transcribing agency | CstmoR |
| 043 ## - GEOGRAPHIC AREA CODE | |
| Geographic area code | n-us--- |
| 049 ## - LOCAL HOLDINGS (OCLC) | |
| Holding library | Alfaisal Main Library |
| 050 00 - LIBRARY OF CONGRESS CALL NUMBER | |
| Classification number | QA76.9.A25 |
| Item number | F525 2003 |
| 245 00 - TITLE STATEMENT | |
| Title | Finding and fixing vulnerabilities in information systems : |
| Remainder of title | the vulnerability assessment and mitigation methodology / |
| Statement of responsibility, etc | Philip S. Anton ... [et al.]. |
| 264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE STATEMENTS | |
| Place of production, publication, distribution, manufacture | Santa Monica, CA : |
| Name of producer, publisher, distributor, manufacturer | RAND, |
| Date of production, publication, distribution, manufacture | 2003. |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | xxvi, 117 pages : |
| Other physical details | illustrations ; |
| Dimensions | 28 cm |
| 336 ## - CONTENT TYPE | |
| Content Type Term | text |
| Content Type Code | txt |
| Source | rdacontent |
| 337 ## - MEDIA TYPE | |
| Media Type Term | computer |
| Media Type Code | c |
| Source | rdamedia |
| 337 ## - MEDIA TYPE | |
| Media Type Term | unmediated |
| Media Type Code | n |
| Source | rdamedia |
| 338 ## - CARRIER TYPE | |
| Carrier Type Term | online resource |
| Carrier Type Code | cr |
| Source | rdacarrier |
| 338 ## - CARRIER TYPE | |
| Carrier Type Term | volume |
| Carrier Type Code | nc |
| Source | rdacarrier |
| 500 ## - GENERAL NOTE | |
| General note | "National Defense Research Institute." |
| 504 ## - BIBLIOGRAPHY, ETC. NOTE | |
| Bibliography, etc | Includes bibliographical references (p.115-117). |
| 505 0# - FORMATTED CONTENTS NOTE | |
| Formatted contents note | Introduction -- Concepts and Definitions -- VAM Methodology and Other DoD Practices in Risk Assessment -- Vulnerability Attributes of System Objects -- Direct and Indirect Security Techniques -- Generating Security Options for Vulnerabilities -- Automating and Executing the Methodology: A Spreadsheet Tool -- Next Steps and Discussion -- Summary and Conclusions -- Appendix: Vulnerability to Mitigation Map Values. |
| 520 ## - SUMMARY, ETC. | |
| Summary, etc | Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge--especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors, understanding the risks posed by new kinds of information security threats, build on previous RAND mitigation techniques by introducing the Vulnerability Assessment and Mitigation (VAM) methodology. The six-step procedure uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses. The authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements, and identifying which security techniques can be relevant for these vulnerabilities. The authors also use VAM to break down information compromises into five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, a new automated tool implemented as an Excel spreadsheet is discussed; this tool greatly simplifies using the methodology and emphasizes analysis on cautions, risks, and barriers. |
| 530 ## - ADDITIONAL PHYSICAL FORM AVAILABLE NOTE | |
| Additional physical form available note | Also available on the internet via WWW in PDF format. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Command and control systems |
| General subdivision | Security measures |
| Geographic subdivision | United States. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Computer networks |
| General subdivision | Security measures |
| Geographic subdivision | United States. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Information services |
| General subdivision | Security measures |
| Geographic subdivision | United States. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Information superhighway |
| General subdivision | Security measures |
| Geographic subdivision | United States. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Information warfare |
| Geographic subdivision | United States. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | National security |
| Geographic subdivision | United States. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Risk assessment. |
| 651 #0 - SUBJECT ADDED ENTRY--GEOGRAPHIC NAME | |
| Geographic name | United States |
| General subdivision | Defenses. |
| 655 #7 - INDEX TERM--GENRE/FORM | |
| Genre/form data or focus term | Electronic books. |
| Source of term | local |
| 700 1# - ADDED ENTRY--PERSONAL NAME | |
| Personal name | Antón, Philip S. |
| Relator term | author. |
| 700 1# - ADDED ENTRY--PERSONAL NAME | |
| Personal name | Anderson, Robert H. |
| Fuller form of name | (Robert Helms), |
| Dates associated with a name | 1939- |
| Relator term | author. |
| 700 1# - ADDED ENTRY--PERSONAL NAME | |
| Personal name | Mesic, Richard, |
| Dates associated with a name | 1943- |
| Relator term | author. |
| 700 1# - ADDED ENTRY--PERSONAL NAME | |
| Personal name | Scheiern, Michael L. |
| Relator term | author. |
| 710 ## - ADDED ENTRY--CORPORATE NAME | |
| Corporate name or jurisdiction name as entry element | Rand eBooks. |
| 856 40 - ELECTRONIC LOCATION AND ACCESS | |
| Uniform Resource Identifier | <a href="http://ezproxy.alfaisal.edu/login?url=http://www.rand.org/publications/MR/MR1601/">http://ezproxy.alfaisal.edu/login?url=http://www.rand.org/publications/MR/MR1601/</a> |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | Library of Congress Classification |
| Koha item type | eBooks |
No items available.